Cisco 350-201 - Cisco Performing CyberOps Using Core Security Technologies Certification Exam
Question #1 (Topic: demo questions)
A threat actor operating from a single computer exploited a cloud-based application by sending multiple concurrent API requests. These requests made the application unresponsive. Which solution protects the application from being overloaded and ensures more equitable application access across the end user community?
Correct Answer: A
Explanation not available for this question.
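Question #1 describes per-client rate limiting (API throttling); the page gives the correct choice only as a letter. The following is an added example, not code from the exam page or from Cisco, showing the mechanism: each client key gets its own token bucket, so one client's burst is capped at its own allowance while other clients keep being served. The client addresses, the bucket limits and the request stream are constructed for the illustration.

```python
"""Per-client token-bucket throttling for an API endpoint (added example).

A single client firing a burst of concurrent requests is capped at its own
allowance while other clients keep getting served. Client keys, limits and
the request stream below are constructed for the illustration."""
from collections import defaultdict


class TokenBucket:
    """capacity = burst allowance; refill_per_sec = sustained request rate."""

    def __init__(self, capacity, refill_per_sec, now=0.0):
        self.capacity = capacity
        self.refill_per_sec = refill_per_sec
        self.tokens = float(capacity)
        self.last = now

    def allow(self, now):
        # Credit tokens earned since the last call, never above capacity.
        elapsed = max(0.0, now - self.last)
        self.tokens = min(self.capacity, self.tokens + elapsed * self.refill_per_sec)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class ApiThrottle:
    """One bucket per client key. The source IP is used here; an API key or
    the authenticated principal is the better key when the API has one,
    because a shared NAT address would otherwise lump unrelated users together."""

    def __init__(self, capacity=10, refill_per_sec=2.0):
        self.capacity = capacity
        self.refill_per_sec = refill_per_sec
        self.buckets = {}

    def check(self, client, now):
        bucket = self.buckets.get(client)
        if bucket is None:
            bucket = self.buckets[client] = TokenBucket(self.capacity, self.refill_per_sec, now)
        return 200 if bucket.allow(now) else 429   # 429 Too Many Requests


# Constructed request stream: (timestamp_seconds, client). The attacker sends
# 50 requests within 10 ms; two other clients make three requests each.
ATTACKER = "203.0.113.7"
REQUESTS = sorted(
    [(i * 0.0002, ATTACKER) for i in range(50)]
    + [(0.5, "198.51.100.20"), (1.0, "198.51.100.20"), (1.5, "198.51.100.20")]
    + [(0.7, "198.51.100.21"), (1.2, "198.51.100.21"), (2.0, "198.51.100.21")]
)


def simulate(requests, capacity=10, refill_per_sec=2.0):
    """Replay a request stream and return per-client allowed/throttled counts."""
    throttle = ApiThrottle(capacity, refill_per_sec)
    tally = defaultdict(lambda: {"allowed": 0, "throttled": 0})
    for ts, client in requests:
        status = throttle.check(client, ts)
        tally[client]["allowed" if status == 200 else "throttled"] += 1
    return dict(tally)


if __name__ == "__main__":
    for client, counts in simulate(REQUESTS).items():
        print(f"{client:15} {counts}")
```

With a capacity of 10 and a refill of 2 requests per second, the attacker's first 10 requests pass and the remaining 40 receive 429, while the two other clients are never throttled; after waiting, the attacker's bucket refills only to its capacity, so a second burst is capped the same way. A throttle keyed per client does not by itself stop a distributed flood from many addresses; that needs a global limit or upstream DDoS protection in addition.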
Question #2 (Topic: demo questions)
DRAG DROP An organization lost connectivity to critical servers, and users cannot access business applications and internal websites. An engineer checks the network devices to investigate the outage and determines that all devices are functioning. Drag and drop the steps from the left into the sequence on the right to continue investigating this issue. Not all options are used.
Correct Answer: A
Explanation:
| Source Actions (Left Column) | Correct Ordered Sequence (Right Column) |
|---|---|
| run show access-list | 1. run show config |
| run show config | 2. check the memory logs |
| validate the file MD5 | 3. verify the memory state |
| generate the core file | 4. run show access-list |
| verify the image file hash | |
| check the memory logs | |
| verify the memory state | |
Question #3 (Topic: demo questions)
A threat actor attacked an organization’s Active Directory server from a remote location, and in a thirty-minute timeframe, stole the password for the administrator account and attempted to access 3 company servers. The threat actor successfully accessed the first server that contained sales data, but no files were downloaded. A second server was also accessed that contained marketing information and 11 files were downloaded. When the threat actor accessed the third server that contained corporate financial data, the session was disconnected, and the administrator’s account was disabled. Which activity triggered the behavior analytics tool?
Correct Answer: C
Explanation not available for this question.
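Question #3 is answered on the page only by letter, so which of the listed activities the exam counts as the trigger is not stated here. What a behaviour-analytics tool typically does is accumulate risk for an account over a look-back window and respond once the score crosses a threshold, which is why the response lands part-way through the intrusion rather than at the first suspicious event. The following added example (not from the exam page or from Cisco) replays a constructed event stream modelled on the question through such a scorer; the weights, the 30-minute window, the threshold and the server classification labels are all assumptions made for the illustration.

```python
"""Cumulative risk scoring over a look-back window (added example).

Replays a constructed event stream for one account through a scorer that
ages out old contributions and responds when the running score crosses a
threshold. Weights, window, threshold and server labels are assumptions."""
from collections import deque

WINDOW_MIN = 30     # look-back window in minutes
THRESHOLD = 100     # score at which the session is cut and the account disabled

# Hypothetical data-classification labels for the servers in the scenario.
SENSITIVITY = {"srv-sales": "medium", "srv-marketing": "medium", "srv-finance": "high"}

# Constructed event stream for one account: (minute, action, target, detail).
EVENTS = [
    (0,  "logon",         "dc01",          {"source": "remote"}),
    (9,  "server_access", "srv-sales",     {}),
    (17, "server_access", "srv-marketing", {}),
    (19, "file_download", "srv-marketing", {"count": 11}),
    (26, "server_access", "srv-finance",   {}),
]

# Same intrusion, but the finance server is reached well after the window has
# aged out the earlier activity.
SLOW_EVENTS = EVENTS[:-1] + [(50, "server_access", "srv-finance", {})]


def score_event(event, seen_servers):
    """Return [(points, reason)] for one event. Weights are illustrative."""
    _minute, action, target, detail = event
    hits = []
    if action == "logon" and detail.get("source") == "remote":
        hits.append((20, "remote interactive logon by a privileged account"))
    if action == "server_access":
        if target not in seen_servers:
            seen_servers.add(target)
            hits.append((15, f"first access to {target}"))
        if SENSITIVITY.get(target) == "high":
            hits.append((50, f"access to high-sensitivity server {target}"))
    if action == "file_download" and detail.get("count", 0) >= 10:
        hits.append((20, f"bulk download of {detail['count']} files from {target}"))
    return hits


def analyze(events, window_min=WINDOW_MIN, threshold=THRESHOLD):
    """Replay the stream. Returns (index of the event that crossed the
    threshold or None, score at that point, reasons still inside the window)."""
    window = deque()          # (minute, points, reason) contributions in the look-back
    seen_servers = set()
    score = 0
    for idx, event in enumerate(events):
        minute = event[0]
        # Age out contributions older than the window.
        while window and window[0][0] <= minute - window_min:
            window.popleft()
        for points, reason in score_event(event, seen_servers):
            window.append((minute, points, reason))
        score = sum(p for _, p, _ in window)
        if score >= threshold:
            # Response actions (kill session, disable account) would fire here.
            return idx, score, [r for _, _, r in window]
    return None, score, [r for _, _, r in window]


if __name__ == "__main__":
    idx, score, reasons = analyze(EVENTS)
    print(f"triggered at event {idx}, score {score}")
    for r in reasons:
        print("  -", r)
```

In the constructed stream the response fires on the fifth event (index 4): the finance-server access adds the largest single contribution, but it crosses the threshold only because the remote logon, the two earlier server accesses and the bulk download are all still inside the 30-minute window. The same finance access at minute 50, after the earlier contributions have aged out, stays below the threshold, which is the point of the question's emphasis on the thirty-minute timeframe.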
Question #4 (Topic: demo questions)
A security analyst needs to investigate a security incident involving several suspicious connections with a possible attacker. Which tool should the analyst use to identify the source IP of the offender?
| Protocol | Local Address | Foreign Address | State |
|---|---|---|---|
| TCP | 192.168.1.8:54580 | vk-in-f108:imaps | ESTABLISHED |
| TCP | 192.168.1.8:54583 | 132.245.61.50:https | ESTABLISHED |
| TCP | 192.168.1.8:54916 | bay405-m:https | ESTABLISHED |
| TCP | 192.168.1.8:54978 | vu-in-f188:5228 | ESTABLISHED |
| TCP | 192.168.1.8:55094 | 72.21.194.109:https | ESTABLISHED |
| TCP | 192.168.1.8:55401 | wonderhowto:http | ESTABLISHED |
| TCP | 192.168.1.8:55730 | mia07s34-in-f78:https | TIME_WAIT |
| TCP | 192.168.1.8:55824 | a23-40-191-15:https | CLOSE_WAIT |
| TCP | 192.168.1.8:55825 | a23-40-191-15:https | CLOSE_WAIT |
| TCP | 192.168.1.8:55846 | mia07s25-in-f14:https | TIME_WAIT |
| TCP | 192.168.1.8:55847 | a184-51-150-89:http | CLOSE_WAIT |
| TCP | 192. | 157.55.56.154 | ESTABLISHED |
| TCP | 192.168.1 | atl14s38-in-f4:https | ESTABLISHED |
| TCP | 192.168.1.8:558 | 208-46-117-174: | ESTABLISHED |
| TCP | 192.168.1.8:55893 | vx-in-f95:https | TIME_WAIT |
| TCP | 192.168.1.8:55947 | stackoverflow:https | ESTABLISHED |
| TCP | 192.168.1.8:55966 | stackoverflow:https | ESTABLISHED |
| TCP | 192.168.1.8:55970 | mia07s34-in-f78:https | TIME_WAIT |
| TCP | 192.168.1.8:55972 | 191.238.241.80:https | TIME_WAIT |
| TCP | 192.168.1.8:55976 | 54.239.26.242:https | ESTABLISHED |
| TCP | 192.168.1.8:55979 | mia07s35-in-f14:https | ESTABLISHED |
| TCP | 192.168.1.8:55986 | serv | TIME_WAIT |
| TCP | 192.168.1.8:55988 | 104.16.118.182:http | ESTABLISHED |
Correct Answer: A
Explanation not available for this question.
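The exhibit for Question #4 is netstat output; the page gives the correct choice only as a letter. An analyst working from such output wants the foreign endpoints of active sessions grouped by peer, with ports outside the expected set and the owning process called out, because that is what identifies the offender's IP for correlation with firewall or proxy logs. The following added example (not from the exam page or from Cisco) parses constructed lines in the shape of Windows `netstat -ano` output (numeric addresses plus a PID column) and does that grouping. The addresses, ports and PIDs are constructed from documentation ranges, and the expected-port set is an assumption for the illustration.

```python
"""Parse netstat-style output and group established sessions by foreign peer
(added example). Sample output, expected ports and PIDs are constructed."""
import re

# Constructed output in the shape of Windows `netstat -ano`.
NETSTAT_OUTPUT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.8:54580      192.0.2.108:993        ESTABLISHED     4212
  TCP    192.168.1.8:54583      192.0.2.50:443         ESTABLISHED     4212
  TCP    192.168.1.8:54978      198.51.100.188:5228    ESTABLISHED     6880
  TCP    192.168.1.8:55401      198.51.100.77:80       ESTABLISHED     3100
  TCP    192.168.1.8:55730      192.0.2.78:443         TIME_WAIT       0
  TCP    192.168.1.8:55824      203.0.113.15:443       CLOSE_WAIT      3100
  TCP    192.168.1.8:55825      203.0.113.15:443       CLOSE_WAIT      3100
  TCP    192.168.1.8:55860      203.0.113.15:4444      ESTABLISHED     9912
  TCP    192.168.1.8:55861      203.0.113.15:4444      ESTABLISHED     9912
  TCP    192.168.1.8:55862      203.0.113.15:4444      ESTABLISHED     9912
  TCP    192.168.1.8:55988      192.0.2.182:80         ESTABLISHED     3100
"""

# Proto, local, foreign, optional state (UDP rows have none), optional PID.
LINE_RE = re.compile(
    r"^\s*(?P<proto>TCP|UDP)\s+(?P<local>\S+)\s+(?P<foreign>\S+)"
    r"(?:\s+(?P<state>[A-Z_]+))?(?:\s+(?P<pid>\d+))?\s*$"
)

# Ports this host is expected to talk to (assumption for the example).
EXPECTED_PORTS = {80, 443, 993}


def split_endpoint(endpoint):
    """'203.0.113.15:4444' -> ('203.0.113.15', 4444); also handles '[::1]:443'."""
    host, _, port = endpoint.rpartition(":")
    return host, int(port) if port.isdigit() else port


def parse_netstat(text):
    """Return one dict per connection row; header and blank lines are skipped."""
    conns = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        fhost, fport = split_endpoint(m["foreign"])
        conns.append({
            "proto": m["proto"],
            "local": m["local"],
            "foreign_host": fhost,
            "foreign_port": fport,
            "state": m["state"],
            "pid": int(m["pid"]) if m["pid"] else None,
        })
    return conns


def suspicious_peers(conns, expected_ports=EXPECTED_PORTS):
    """Group ESTABLISHED TCP sessions by foreign host and keep only peers
    reached on a port outside the expected set, with the owning PIDs."""
    peers = {}
    for c in conns:
        if c["proto"] != "TCP" or c["state"] != "ESTABLISHED":
            continue
        if c["foreign_port"] in expected_ports:
            continue
        entry = peers.setdefault(c["foreign_host"], {"ports": set(), "pids": set(), "count": 0})
        entry["ports"].add(c["foreign_port"])
        entry["pids"].add(c["pid"])
        entry["count"] += 1
    return peers


if __name__ == "__main__":
    for host, info in suspicious_peers(parse_netstat(NETSTAT_OUTPUT)).items():
        print(f"{host:16} sessions={info['count']} ports={sorted(info['ports'])} pids={sorted(info['pids'])}")
```

On the constructed sample the grouping isolates 203.0.113.15 with three established sessions on port 4444 owned by one PID, and a single session to 198.51.100.188 on 5228, which is the short list worth pulling firewall logs for. The exhibit's resolved names (bay405-m, wonderhowto, vk-in-f108) come from running netstat without `-n`; for investigation use `-n` (or `-ano` on Windows) so the raw IP is preserved and the PID can be tied to a process.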